Updated March 20, 2020 – An increasing number of articles have been published on the Internet with unclear and sometimes misleading information concerning one of the primary dashboards for awareness concerning the spread of the Coronavirus. To be clear, the online map posted by Johns Hopkins University at https://coronavirus.jhu.edu/map.html does NOT contain any malware (and NEVER contained malware). This popular dashboard web application is hosted by Esri as part of our ArcGIS Online offering.
The confusion comes from an issue where a malicious person created a downloadable Windows-based application containing malware whose display is practically identical to the Johns Hopkins Coronavirus browser-based dashboard (see comparison figure below). Whomever posted the malicious downloadable app is attempting to take advantage of the strong public interest concerning the Coronavirus, but it requires the user to either download the app executable, or it could be distributed by email for the user to then install onto their local Windows system.
The malicious app once downloaded and installed deploys malware called AZORult which is designed to steal credentials in the background (among other activities). To make the user think they are getting a Coronavirus map viewer, the app calls the URL of the Johns Hopkins dashboard and displays the results inside the application window.
Bottom-line, you are fine browsing the Coronavirus dashboard on the web with your browser as no software needs to be downloaded. If you come across someone offering a Coronavirus dashboard where you need to download software to view it, don’t use it!
We have contacted other resources about this issue and will continue to monitor it closely. The malicious executable was removed from it’s initial download location hosted on a malicious site (not managed by Esri or Johns Hopkins), but it may appear again. If you receive an email containing a link to download such an item or come across the code for the malicious app please report it immediately to our incident response team through the ArcGIS Trust Center security concern page. For general questions/concerns feel free to reach out to our team SoftwareSecurity@esri.com.
SAFE URL’s utilized to support trusted Coronavirus map dashboards:
- A trusted compilation of Coronavirus dashboards: https://coronavirus-resources.esri.com
- Direct URL to the Johns Hopkins dashboard: https://gisanddata.maps.arcgis.com/apps/opsdashboard/index.html#/bda7594740fd40299423467b48e9ecf6
https://www.arcgis.com/apps/opsdashboard/index.html#/bda7594740fd40299423467b48e9ecf6
https://www.arcgis.com/apps/opsdashboard/index.html#/85320e2ea5424dfaaa75ae62e5c06e61 (Mobile Version)
- Johns Hopkins URL to dashboard: https://coronavirus.jhu.edu/map.html
- Esri’s JavaScript API (Mandatory for ArcGIS applications to work): js.arcgis.com
Esri’s Software Security & Privacy Team
Article Discussion: